Google Will Let You Opt Out of Chrome 'Forced Login'

By
Michael Kan27 Sep 2018, 4:08 a.m.

Chrome 70, which will arrive next month, will include a new setting that turns off the automatic login feature. Google is also changing the browser's interface to more clearly state when the sync feature is turned on.

Amidst backlash, Google is tweaking Chrome to let you opt out of the browser's new "forced login policy."

Chrome 70, which will arrive next month, will include a new setting that turns off the automatic login feature. "For users that disable this feature, signing into a Google website will not sign them into Chrome," Google Chrome product manager Zach Koch wrote in a blog post.

The tweak was made to address a privacy uproar over the latest iteration of Google's browser, Chrome 69. Earlier versions of the browser let you log into a Google service, say Gmail, without logging into Chrome. But the tech giant decided to change that in Chrome 69, which arrived earlier this month. Signing into a Google service via the browser will now automatically log you into Chrome as well. (You'll notice this when your account's profile pic appears in the right-hand corner of the browser.)

Privacy advocates were concerned Google was trying to dupe users into turning on Chrome's sync feature. This lets you access your browser history across devices but also sends your data to Google's servers.

On Tuesday, Koch reiterated that Chrome's new login feature does not log you into sync. To activate it, you have to click your profile pic and hit sync.

Nevertheless, Koch said Google will update the Chrome interface to better indicate when the browser's sync feature is turned on. Chrome 69, critics say, has a new menu that might prompt users to activate the sync feature by accident.

Another change Google is making to Chrome is the way it clears browser data. Chrome 69 was modified to not delete Google's authentication cookies from the browser when you cleared the data, meaning Chrome logs you out of all your internet services except Google ones.

Koch said: "We will change this behavior that so all cookies are deleted and you will be signed out."

Cryptographer Matthew Green, who was among the vocal critics of Chrome 69, applauded Google for listening to the privacy concerns, though he says upcoming changes amount to "damage control" and not a real change to Google's more invasive privacy approach.

"It's pretty obvious that the company has changed direction in a pretty significant way in the past couple of years," he said in a tweet. "I think a few expert 'don't log me in' features are nice, but if they represent an overall privacy loss for most users, it's hard to really get behind them."

In Google's defense, Koch said the new automatic login feature was designed to remind Chrome users that they were still logged into a Google service through the browser. "Over the years, we've received feedback from users on shared devices that they were confused about Chrome's sign-in state," Koch said. "We think these UI changes help prevent users from inadvertently performing searches or navigating to websites that could be saved to a different user's synced account."